From Paul Czywczynski, CTO, TempWorks Software:

There has been a lot of news in the past 48 hours about a security vulnerability in a version of OpenSSL, commonly known as the “Heartbleed Bug”. OpenSSL is a popular cryptographic software library used to help keep Internet communications private, so understandably you may have questions about how this might impact your secure information.

We take the responsibility of keeping your data protected very seriously at TempWorks. It is our top concern.

We would like to assure you that with regards to the Heartbleed bug:

  • ​At no time has TempWorks operated a vulnerable OpenSSL endpoint.
  • ​Our customers hosted data is encrypted by dedicated hardware as it leaves our network, no client data goes through an OpenSSL encryption layer.
  • ​TempWorks operates Intrusion Protection Systems (IPS) that are capable of identifying a Heartbleed attack (and many other attacks) in progress and alerting us immediately.

Information for our Self-Hosted Customers:

  • ​TempWorks Software technology is based on Microsoft Windows Server , SQL Server, and IIS Server. These systems use Microsoft’s SSL own stack which is known to be not vulnerable to Heartbleed.
  • ​However, other network systems and servers used by our Self-Hosted Customers could possibly be vulnerable.
  • ​Vulnerable systems could have compromised TempWorks data flowing through them, or compromised encryption used by TempWorks products if certificates are shared between servers running TempWorks and vulnerable systems.

We highly recommend  our Self-Hosted Customers take steps to investigate and audit their internal systems. The following link is a good starting place to learn about the bug and includes resources to tell if your systems are vulnerable:

Again, we would like to reassure all our consumers that your TempWorks data remains secure.

If you have any questions, please feel free to reach out to our customer support team.

Tags: TempWorks Blog